FortiMail 02 System Configuration
Transcript of FortiMail 02 System Configuration
-
8/10/2019 FortiMail 02 System Configuration
1/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
1
2013 Fortinet Inc. All r ights reserved.
The information contained herein is subject to change without notice. No part of this publication including text, examples, diagrams
or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical
or otherwise, for any purpose, without prior written permission of Fortinet Inc. 06-50000-0221-20130726
System Configuration
Module 2
2
Module Objectives
By the end of this module, you will be able to:
Use CLI and web UI administrative interfaces
Configure initial settings on the FortiMail system
Search FortiMail system logs to obtain data
-
8/10/2019 FortiMail 02 System Configuration
2/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
3
Web Access
Admin Login
https://192.168.1.99/admin
Webmail Login
https://192.168.1.99
4
Admin Web UI
-
8/10/2019 FortiMail 02 System Configuration
3/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
5
System Status
6
Admin Menu
Menu options available in the Admin web UI include the following:
-
8/10/2019 FortiMail 02 System Configuration
4/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
7
System
Dashboard JAVA Based Console Provides direct access to the command line interface via the web GUI
8
Login Customization
-
8/10/2019 FortiMail 02 System Configuration
5/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
9
Context Sensitive On-line Help
10
Basic and Advanced Mode
Basic Mode
Commonly used options only
Day-to-day operation
Advanced Mode
Full set of menu options
-
8/10/2019 FortiMail 02 System Configuration
6/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
11
CLI Tree
config system interface
edit
set status {up | down}
set ip
nextend
Command Object
Subcommand Table
Option
Field
Value
12
Quick Start Wizard
Effective way to have the unit up and running in no time by configuring
the following parameters:
Default password for the administrator account
Network and time settings
Local host settings
Protected domains
Incoming and outgoing antispam and antivirus
Access control rules for SMTP Relay
Note: The operational mode cannot be set though the Quick Start Wizard
-
8/10/2019 FortiMail 02 System Configuration
7/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
13
Configuring Network Interfaces
14
Link Status Propagation
Link status of a port is
propagated to other port(s)
Status of an interface is
linked to the status of another
interface
If associated interface is
down, the interface goes
down too
-
8/10/2019 FortiMail 02 System Configuration
8/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
15
Link Status Propagation
If the outgoing interface isdown FortiMail unit will
disable the incoming
interface and vice-versa
Downstream load-balancer:
Detects the failure
Removes the appliance from
the LB algorithm to stop mail
forwarding
Sends messages to other units
available in the pool
1. FAILURE
DETECTION
2. STATUS
PROPAGATION
MTA
3. FORTIMAIL IS
REMOVED FROM
THE LB POOL
16
Configuring Routing
-
8/10/2019 FortiMail 02 System Configuration
9/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
17
Route Selection
The destination IP address is compared to those of the static routes todetermine which route a packet will take
The most specific route will always be chosen
If there is more than one specific route available in the routing table,the FortiMail unit will apply the route with the smallest index number
The index number is a unique value used to identify a route entry inthe routing table and can be determined with the following CLIcommand:get system route
18
DNS Settings
Primary and secondary DNS can be configured using the web UI or the CLI
CLI Configuration:config system dns
set primary 10.0.1.1
set secondary 208.91.112.52end
CLI Configuration:config system dns
set primary 10.0.1.1
set secondary 208.91.112.52end
-
8/10/2019 FortiMail 02 System Configuration
10/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
19
Administration Options
20
Access Profiles
Access Profiles are used to:
Control which areas an administrator can access
Define the level of permissions in that area
-
8/10/2019 FortiMail 02 System Configuration
11/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
21
Password Policies
Enforce complex passwords
Apply to administrators, webmail and IBE users
22
Admin Authentication
Authentication types supported include local, RADIUS,
RADIUS+Local, PKI and LDAP
-
8/10/2019 FortiMail 02 System Configuration
12/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
23
Enable and Disable Message Services
Allows you to turn SMTP, POP3 or IMAP services ON/OFF
Required for vulnerability and security assessment tests when those
services are not in use
CLI configuration:config system mailserver
set smtp-service enable|disable
set pop3-service enable|disable
set imap-service enable|disable
24
FortiMail Log Types
The following types of log messages can be recorded:
History
Emails handled by the FortiMail unit
Event
System and admin related logs
Antivirus
Virus detection and inspection logs
Antispam
Spam related messages
Encryption
Encryption subsystem such as IBE and S/MIME
-
8/10/2019 FortiMail 02 System Configuration
13/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
25
Log Message Severity Levels
Levels Description
0 Emergency System unstable
1 Alert Immediate action required
2 Critical General functionality affected
3 Error Error condition exists
4 Warning Functionality could be affected
5 Notification Notif ication about normal events
7 Information General system operation
26
History Log Disposition and Classifier
Disposition and Classifierare used to provide extra information
regarding email processing
Disposition defines the action taken by the FortiMail unit
Classifierexplains why such action was taken
For a complete list of Dispositions and Classifiers, refer to the FortiMail
Admin Guide
-
8/10/2019 FortiMail 02 System Configuration
14/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
27
Logging Storage
Log messages can belogged to local disk
(default option) or to a
remote device (for
example, FortiAnalyzer
system, generic syslog)
Different logging
policies can be
configured based on the
logging location
28
Log Message Correlation
Since different types of log files record different activities, the same
SMTP session may be logged in different types of log files
Click on the Session ID link to display all the logs generated for a
specific SMTP session
-
8/10/2019 FortiMail 02 System Configuration
15/16
221 - FortiMail Email Filtering System Configura
06-50000-0221-20130726
29
Reports
Reports can begenerated directly
from the FortiMail Unit
Generated reports
appear in Monitor >
Reports
30
SNMP
SNMP agent can be enabled on the FortiMail unit to generate SNMP
traps when certain system events or thresholds have been reached
Up to three SNMP communities can be configured on the FortiMail unit
-
8/10/2019 FortiMail 02 System Configuration
16/16
221 - FortiMail Email Filtering System Configura
31
SNMP Support
SNMP message integrity, authentication and encryption
SNMP v1, v2c
SNMP v3
32
SNMP v3 Configuration